commit 2465047c6f5b9a865f63ae1402fccb95abab9e28
author Ted Kremenek <kremenek@apple.com> Wed Sep 02 02:47:41 2009 +0000
committer Ted Kremenek <kremenek@apple.com> Wed Sep 02 02:47:41 2009 +0000
tree 3f129d815132c6e8a2c12b77230849a9449b5c48
parent 53489322f6574413d906f6a4c66033223e6b1e3f

Implement: <rdar://problem/6337100> CWE-338: Use of cryptographically weak prng
Patch by Geoff Keating!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80752 91177308-0d34-0410-b5e6-96231b3b80d8

test/Analysis/security-syntax-checks.m

diff --git a/test/Analysis/security-syntax-checks.m b/test/Analysis/security-syntax-checks.m
index df17926..ebd7d17 100644
--- a/test/Analysis/security-syntax-checks.m
+++ b/test/Analysis/security-syntax-checks.m
@@ -60,3 +60,32 @@
   setreuid(2,2); // expected-warning{{The return value from the call to 'setreuid' is not checked.  If an error occurs in 'setreuid', the following code may execute with unexpected privileges}}
   setregid(2,2); // expected-warning{{The return value from the call to 'setregid' is not checked.  If an error occurs in 'setregid', the following code may execute with unexpected privileges}}
 }
+
+// <rdar://problem/6337100> CWE-338: Use of cryptographically weak prng
+int      rand(void);
+double   drand48(void);
+double   erand48(unsigned short[3]);
+long     jrand48(unsigned short[3]);
+void     lcong48(unsigned short[7]);
+long     lrand48(void);
+long     mrand48(void);
+long     nrand48(unsigned short[3]);
+long     random(void);
+int      rand_r(unsigned *);
+
+void test_rand()
+{
+  unsigned short a[7];
+  unsigned b;
+  
+  rand();	// expected-warning{{Function 'rand' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  drand48();	// expected-warning{{Function 'drand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  erand48(a);	// expected-warning{{Function 'erand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  jrand48(a);	// expected-warning{{Function 'jrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  lcong48(a);	// expected-warning{{Function 'lcong48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  lrand48();	// expected-warning{{Function 'lrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  mrand48();	// expected-warning{{Function 'mrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  nrand48(a);	// expected-warning{{Function 'nrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  rand_r(&b);	// expected-warning{{Function 'rand_r' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
+  random();	// expected-warning{{The 'random' function produces a sequence of values that an adversary may be able to predict.  Use 'arc4random' instead}}
+}